Meeting GDPR Compliance with Endpoints and Mobile Devices

May 25th has come and gone. If you do business in the European Union (EU) or collect data on EU citizens, you should have already done the work necessary to demonstrate compliance with the General Data Protection Regulation (GDPR):

Identified all of your data, where it is stored, who works on it, who has permission to manipulate it and how end-user privacy is protected.

Adopted new governance procedures and created positions for data controllers, processors and protection officers.

You’d like to sit back and breath a sigh of relief. But you know you can’t. Regulatory compliance is an ongoing and dynamic process that requires constant care and vigilance, particularly across your endpoints and mobile devices.

The best way to strengthen your ability to meet ongoing compliance requirements is through unified endpoint management (UEM). UEM is the modern approach to mobile device management (MDM) and enterprise mobility management (EMM), providing a centralized view of all devices, users, apps, and data to help your organization stay on track with its ongoing compliance goals.

Unified Endpoint Management for Dummies

Read on to receive an overview of unified endpoint management (UEM), why it’s necessary, how it addresses complex problems encountered in the modern enterprise, and where IT can turn for help.

Overcoming GDPR Gotchas—Top 5 Criteria to Look for in Your UEM Not all UEM solutions are created equal – so what should you be looking for in your solution? Here are some of the features and capabilities to help you meet GDPR compliance and maintain it over the long haul:

Data containment: You want to make sure data is stored on the device and not on servers. This will prevent the provider’s internal teams from viewing the data. Your solution should include a secure container. Personal data stored in the container should be limited in scope to an as-needed basis, including name, address and phone numbers.

Data encryption: Look for a solution that uses AES-256 CTR encryption algorithms to encrypt all application data in motion and at rest. For Apple iOS look for built-in Common Crypto FIPS 140-2-compliant encryption; for Google Android look for SQLCipher with the OpenSSL (AES 256) FIPS 140-2- compliant crypto models. This provides comprehensive encryption for databases, not just their contents.

Local presence: In addition to meeting EU GDPR requirements, you need to take regional ordinances into consideration when protecting data privacy. Your cloud-based UEM should leverage contextually arthitected data centers that take regional ordinances into consideration.

Cognitive insights and analytics: Contextual analytics and insights using AI/cognitive capabilities can help you see what happened, what can happen and what should be done all in the context of your endpoint and mobile environment. This will improve decision-making processes and help IT and security leaders with lifecycle management and GDPR compliance.

A cloud-based platform: You want one view across all mobile devices, laptops and desktops, preparing you to answer key questions such as: Where is data being stored? Is it stored securely? How is end-user privacy protected? A cloud-based platform offers instant support for the latest operating system version updates to reduce risk and ensure version control across all mobile users and devices.

Finding the Right Match for GDPR ComplianceIBM MaaS360 with Watson is a UEM solution that meets the requirements of the modern enterprise to both demonstrate and help maintain compliance with GDRP. MaaS360 offers the full sets of features and functions to enable you to meet compliance requirements beyond GPDR, whether they are specific to your country, region, or industry. Compliance is critical. Make sure you’re prepared. Start your 30-day free trial of MaaS360 today by visiting IBM.com/MaaS360.